Overview
- Description
- Multiple vulnerabilities in the web-based management interface of Cisco HyperFlex HX could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
- Source
- ykramarz@cisco.com
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
CVSS 2.0
- Type
- Primary
- Base score
- 10
- Impact score
- 10
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:C/I:C/A:C
Known exploits
Data from CISA
- Vulnerability name
- Cisco HyperFlex HX Installer Virtual Machine Command Injection Vulnerability
- Exploit added on
- Nov 3, 2021
- Exploit action due
- Nov 17, 2021
- Required action
- Apply updates per vendor instructions.
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:hyperflex_hx_data_platform:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "17BC381C-F6CD-4B90-B4AE-8544966ECCE6",
"versionEndExcluding": "4.0\\(2e\\)"
},
{
"criteria": "cpe:2.3:o:cisco:hyperflex_hx_data_platform:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D125A3BA-3182-4E44-92CB-E46CA2D5292D",
"versionEndExcluding": "4.5\\(2a\\)",
"versionStartIncluding": "4.5"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:hyperflex_hx220c_af_m5:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "0D5AFDE1-3A3B-4AF8-A425-492558B0B2EA"
},
{
"criteria": "cpe:2.3:h:cisco:hyperflex_hx220c_all_nvme_m5:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "43CAFBEF-82AC-425C-B659-7856C2ADC7DF"
},
{
"criteria": "cpe:2.3:h:cisco:hyperflex_hx220c_edge_m5:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "9B38E0BA-D320-406B-8739-6218B96DFD24"
},
{
"criteria": "cpe:2.3:h:cisco:hyperflex_hx220c_m5:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "6E19D6AF-E190-463D-B359-BB02362490D1"
},
{
"criteria": "cpe:2.3:h:cisco:hyperflex_hx240c:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "F4440219-AA2A-4AA3-B780-2F2DB62D0100"
},
{
"criteria": "cpe:2.3:h:cisco:hyperflex_hx240c_af_m5:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "EFF775A8-5A2C-42B7-B26C-85921D803A25"
},
{
"criteria": "cpe:2.3:h:cisco:hyperflex_hx240c_m5:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "5009EC3A-40C9-44B0-8E5E-599657F819FA"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]